Malware Data

A daily list of URLs we have seen in our malware analysis that have been confirmed by at least one AV package as being involved in infection or the distribution of malware.

Features

Daily List of URLs

Manually reviewed Phishing URLs

Analysis bundle available

Daily tar gzip file provided

Two primary malware feeds

MALICIOUS URLs

The Malicious URL Feed is a daily list of URLs we have seen in our malware analysis that have been confirmed by at least one AV package as being involved in infection or the distribution of malware. This makes it easy for an organization to check DNS query logs, proxy logs, or flows to spot workstations that have been used to visit these sites. We also include our manually reviewed phishing URL feed.

MALWARE BINARIES

The Malware Binary Feed is a daily tar gzip file of malware that has been collected by us in the last 24 hours. All times are UTC.

Malware Analysis Bundle

Five daily sub-feeds

MALWARE SIGNATURES FEED

List of hashes of samples that we have run against 30 AV packages and that resulted in a detection rate of 5% or more. This method can boost detection rates to up to 50% when combined with a single AV package.

MALWARE USER-AGENT FEED

Consists of the hash plus the User-Agent string used by the malware. It can be used to identify infected hosts or to differentiate between legitimate and malicious traffic.

MALWARE AV REFERENCE FEED

Correlative listing of hashes from malware collected in the last 24 hours and AV engine signature names from most major AV engines

MALWARE FLOW FEED

Hash and network flows seen during run-time analysis of malware collected in the last 24 hours

MALWARE HASH FEED

MD5 and SHA1 hash feed of all newly detected and reported samples

Frequently Asked Questions

We combine the results of scans from a number of commercial sandbox tools and some 35 different anti-virus engines, along with our own proprietary run-time analysis system, to provide an unprecedented level of detail for our malware database and tracking systems. Data for our malware feeds comes from this database as well as other systems such as BARS.